It is known that this list of filters is available in uBlock Origin + uBlock Origin Lite. Why is it useful? Because some websites scan certain ports in certain cases. If you want to do a test just open the website below: https://www.spectrum.net/ and click on "Sign In". I noticed recently that user @Kongo who uses the Ghostery extension in Firefox has enabled this extension: https://addons.mozilla.org/en-US/firefox/addon/port-authority/ which does the same job as the filter list in the thread title. But is it possible in other ways to block port scanning,against our will, of some websites? Yes Blocking websocket with a simple rule prevents port scanning: Of course, this is also possible with the filter list: Hard/Medium Mode with TLD also prevents scan: I noticed that in my Firefox,without extensions, port scanning is prevented because the third party website cookie is rejected: Also in Edge the scan is blocked probably because due to poor effectiveness “always HTTPS” I closed the scanned ports: So there are multiple methods to prevent unauthorized scanning of our ports. But it is always best to test. P.S. This list of filters was also requested in AG Browser Extension: https://github.com/AdguardTeam/AdguardBrowserExtension/issues/3183
I write you this rule that blocks Ping,Beacon,and Websocket: Code: ||*$object,ping,websocket P.S. When the list of filters is available in AG Browser Extension you can delete the rule “websocket”
Thank you, although it's not explicitly mentioned in the rule, it's still blocked and ping too, except csp report.
Also, is there a way to add an exception to the rule? discord.com is broken now. Tried: Code: discord.com||*$object,ping,websocket but it disables the whole rule.
Blocking websocket breaks chat functions. I would make next rule to except discord. ||*$websocket,to=~discord.com So not in one rule with other blocked elements.
Thanks a lot both @Sampei Nihira and @Jan Willy So I could have: Code: ||*$object,ping @@*$websocket,domain=discord.com or Code: ||*$object,ping ||*$websocket,to=~discord.com Correct me if I'm wrong.
In the first case you shouldn't split the blocking rule. So include websocket in the blocking rule. Otherwise it wouldn't make sense to make an exclusion rule.
Alright, I shouldn't split the blocking rule so... Code: ||*$object,ping,@@*$websocket,domain=discord.com
Sorry, that's not what I mean. You shouldn't split off websocket from the blocking rule. That's how it should be: ||*$object,ping,websocket @@*$websocket,domain=discord.com
Ah ok, thanks. Now, this rule of yours doesn't seem to work: Code: ||*$object,ping,websocket ||*$websocket,to=~discord.com Guess I did something wrong.
Yes, you did (again). This is how it should be: ||*$object,ping ||*$websocket,to=~discord.com Edit 1: Don't use the rules from Sampei Nihira together with my rules, and don't mix them. Edit 2: I did some research and I think the rule should be: ||*^$websocket,to=~gateway.discord.gg Edit 3: Test of my blockrule on https://www.deviceinfo.me/
Try you who use Discord + websocket blocking (which I don't use) what is the best exception for restoring.
I suggest that you use ubO's logger which lets you easily and comfortably create (exception) filters. Makes life much easier if you're not familiar with the filter syntax. Regarding that list: it was originally developed by gwarser and added to uBO's stock filter lists quite some time ago but it's still not enabled by default, AFAIK. I wonder why as I've been using it for years without problems. EDIT: I've also added it to Brave.
In order to exclude more domains, I assume I need to add a new line per domain, right? Code: ||*$object,ping,websocket @@*$websocket,domain=discord.com @@*$websocket,domain=example1.com @@*$websocket,domain=example2.com or Code: !||*$object,ping !||*^$websocket,to=~gateway.discord.gg !||*^$websocket,to=~example1.com !||*^$websocket,to=~example2.com
To make it clear, I'm not a fan of a general blocking rule for websocket. As I said before, it breaks chat functions. It's not always obvious which party is responsable for using the websocket protocol (as we've seen in the case of discord; though a logger can help). Sometimes excluding the right domain from the blocking rule can be a rather difficult and time robbing job. Besides that, creating custom blocking rules carries the risk that things getting messed up. Especially when you are not experienced in this area. So I agree with the post from summerheat. Or in your specific case, wait till AG adds an appropriate filterlist. In the meantime the world won't collapse. Nevertheless I will give you some more explanation. You have to distinguish between the specific exclusion rule (starting with @@) from sampei nihira and my blocking rule that includes an exclusion. In the first case you can make separate rules for each excluded domain, because each rule will be unique and will not interfere with other rules. But if you want, it's possible to make one exclusion rule for more domains, which looks like this: @@*$websocket,domain=example1.com,example2.com,example3.com In the second case the right blocking rule that includes more excluded domains should look like this: ||*^$websocket,to=~example1.com,~example2.com,~example3.com And never place ! in front of it. It makes the rule useless.
